Access management in SpeechKit
In this section, you will learn:
About access management
In Yandex Cloud, all transactions are checked in Yandex Identity and Access Management. If a subject does not have the required permission, the service returns an error.
To grant permission for a resource, assign roles for this resource to the subject that will perform operations. Roles can be assigned to a Yandex account, a service account, federated users, a user group, or a system group. For more information, see How access management works in Yandex Cloud.
Only users with the admin
, resource-manager.clouds.owner
, or organization-manager.organizations.owner
role for a resource can assign roles for this resource.
Which resources you can assign a role for
Like other services, roles can be assigned for a cloud or folder. The roles assigned for clouds and folders also apply to nested resources.
Which roles exist in the service
Service roles
ai.speechkit-stt.user
The ai.speechkit-stt.user
role allows you to use Yandex SpeechKit for speech recognition, as well as view info on the relevant cloud, folder, and quotas.
ai.speechkit-tts.user
The ai.speechkit-tts.user
role allows you to use Yandex SpeechKit for speech synthesis, as well as view info on the relevant cloud, folder, and quotas.
ai.auditor
The ai.auditor
role enables you to view quotas for Yandex Translate, Yandex Vision, Yandex SpeechKit, and Yandex Foundation Models, as well as read the folder metadata.
ai.viewer
The ai.viewer
role enables you to view quotas for Yandex Translate, Yandex Vision, Yandex SpeechKit, and Yandex Foundation Models, as well as view the folder info.
This role also includes the ai.auditor
permissions.
ai.editor
The ai.editor
role allows you to use Yandex Translate, Yandex Vision, Yandex SpeechKit, and Yandex Foundation Models.
Users with this role can:
- Use Yandex Translate to translate texts.
- Use Yandex Vision OCR to analyze images.
- Use Yandex SpeechKit for speech recognition and synthesis.
- Use YandexGPT API language models for text generation and YandexART models for image generation within Yandex Foundation Models.
- View information on the relevant cloud and folder.
- View information on Translate, Vision, SpeechKit, and Foundation Models quotas.
This role includes the following roles' permissions: ai.viewer
, ai.translate.user
, ai.vision.user
, ai.speechkit-stt.user
, ai.speechkit-tts.user
, ai.languageModels.user
, ai.imageGeneration.user
.
ai.admin
The ai.admin
role allows you to use Yandex Translate, Yandex Vision, Yandex SpeechKit, and Yandex Foundation Models.
Users with this role can:
- Use Yandex Translate to translate texts.
- Use Yandex Vision OCR to analyze images.
- Use Yandex SpeechKit for speech recognition and synthesis.
- Use YandexGPT API language models for text generation and YandexART models for image generation within Yandex Foundation Models.
- View information on the relevant cloud and folder.
- View information on Translate, Vision, SpeechKit, and Foundation Models quotas.
This role also includes the ai.editor
permissions.
For more information about service roles, see Roles in the Yandex Identity and Access Management service documentation.
Roles of other services
When working with SpeechKit, you may need roles of other services, for example, to upload results and source materials to an Object Storage bucket.
resource-manager.clouds.owner
The resource-manager.clouds.owner
role grants full access to the cloud and its resources. The role can only be assigned for a cloud.
storage.uploader
The storage.uploader
role enables you to upload objects to a bucket and overwrite previously uploaded ones. Since the storage.uploader
role inherits the permissions of the storage.viewer
role, it also grants permission to list bucket objects and download them.
This role does not allow you to delete objects or configure buckets.
kms.keys.encrypterDecrypter
The kms.keys.encrypterDecrypter
role enables you to encrypt and decrypt data and view information about keys. Includes all access rights of the kms.keys.encrypter
and kms.keys.decrypter
roles.
Primitive roles
auditor
Grants permission to view service configuration and metadata without access to data.
viewer
Enables you to view information about resources.
editor
Allows managing (creating, editing, and deleting) resources.
admin
Allows you to manage your resources and access to them.
For more information about primitive roles, see the Yandex Cloud role reference.